Checkmarx announced technology this week that the company describes as an innovation in secure coding.
The Checkmarx Virtual Compiler lets source code be scanned in real time without using a compiler, giving developers, auditors, and security professionals capabilities for secure coding and fixing flaws at the earliest stages of development, the company said.
Most security issues can be traced to code vulnerabilities, Checkmarx said. Static code analysis tools have been used to fight software vulnerabilities but they require that a project be almost completed before scanning can take place, according to the company. This makes security repairs to code costly and nullifies the benefits of static analysis.
Checkmarx Virtual Compiler lets developers scan unbuilt code so static analysis can be performed earlier in the development lifecycle, Checkmarx said. Security auditors, meanwhile, can conduct audits any time on the code base without having to emulate a developer's environment.
"The Checkmarx Virtual Compiler means developers can finally fix code on the assembly line instead of having to wait until the software is almost out the door," said Checkmarx CTO and founder Maty Siman in a statement released by the company.
Usable in any stage of development, the product supports Linux, Windows and Solaris and languages such as Java, C/C++ and Salesforce.com Apex. Checkmarx is offering a free trial of its code analysis, accessible.